On Wed, Apr 22, 2015 at 12:02:06PM +0200, Jakub Hrozek wrote: > On Wed, Apr 22, 2015 at 11:09:33AM +0200, Sumit Bose wrote: > > > * extend ''struct pam_auth_req'' > > > * add new field `use_cached_auth` (default value is false) > > > * extend ''pam_dom_forwarder()'' > > > * obtain value of domain option `cached_authentication_timeout` > > > > I think you can add a new element to pam_ctx for this like we currently > > do this e.g. with id_timeout. > > The design page is not too specific about this detail, but I think Pavel > intended to have a per-domain option, which would then make sense to > include in a per-domain data structure, maybe even sss_domain_info.
ah, I see, makes sense. Maybe a global/domain-specific option like we have for other case as well might fit here as well. Please note that we currently cannot set the per-sub-domain. bye, Sumit > > > > > Please check if cached_authentication_timeout is not larger than > > offline_credentials_expiration (given in days) and use the smaller of > > the two. > _______________________________________________ > sssd-devel mailing list > sssd-devel@lists.fedorahosted.org > https://lists.fedorahosted.org/mailman/listinfo/sssd-devel _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
